author | gilles <gilles@poolp.org> | 2016-05-11 09:37:59 +0200 |
---|---|---|
committer | gilles <gilles@poolp.org> | 2016-05-11 09:37:59 +0200 |
commit | 88a9b19689b70a92f8def98badf20471cbfae449 (patch) | |
tree | 8179d426dada06e10d06e602b6c5f894e9e24db8 | |
parent | Merge branch 'master' into portable (diff) | |
fix build for non-libressl
-rw-r--r-- | configure.ac | 19 | ||||
-rw-r--r-- | smtpd/libressl.c | 16 | ||||
-rw-r--r-- | smtpd/ssl.c | 2 | ||||
-rw-r--r-- | smtpd/ssl.h | 8 |
4 files changed, 41 insertions, 4 deletions
diff --git a/configure.ac b/configure.ac
index ca74aebe..53da3f02 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1881,6 +1881,25 @@ AM_CONDITIONAL([HAVE_SSL_CTX_SET_ECDH_AUTO], [test $OPENSSL_SUPPORTS_ECDH_AUTO =
 ##gilles
 ##gilles
+OPENSSL_SUPPORTS_DH_AUTO=no
+AC_MSG_CHECKING([if programs using SSL_CTX_set_dh_auto will link])
+AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([[ #include <openssl/ssl.h> ]],
+ [[ SSL_CTX_set_dh_auto(NULL, 1); ]])],
+ [
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_SSL_CTX_SET_DH_AUTO], [1],
+ [Define if SSL library support SSL_CTX_set_dh_auto])
+ OPENSSL_SUPPORTS_DH_AUTO=yes
+ ],
+ [
+ AC_MSG_RESULT([no])
+ ]
+)
+AM_CONDITIONAL([HAVE_SSL_CTX_SET_DH_AUTO], [test $OPENSSL_SUPPORTS_DH_AUTO = yes])
+##gilles
+
+##gilles
 AC_MSG_CHECKING([if SSL_OP_NO_TICKET is supported])
 AC_EGREP_CPP(HAVE_SSL_OP_NO_TICKET, [
 #include <openssl/ssl.h>
diff --git a/smtpd/libressl.c b/smtpd/libressl.c
index 95ea6827..57d74389 100644
--- a/smtpd/libressl.c
+++ b/smtpd/libressl.c
@@ -80,9 +80,6 @@
 #include "ssl.h"
 #define SSL_ECDH_CURVE "prime256v1"
-#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
-void SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
-#endif
 /*
 * Read a bio that contains our certificate in "PEM" format,
@@ -201,3 +198,16 @@ SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int enable)
 EC_KEY_free(ecdh);
 }
 #endif
+
+#ifndef HAVE_SSL_CTX_SET_DH_AUTO
+void
+SSL_CTX_set_dh_auto(SSL_CTX *ctx, int enable)
+{
+ if (!enable)
+ return;
+
+ /* stub until OpenSSL catches up with this ... */
+ log_warnx("OpenSSL does not support SSL_CTX_set_dh_auto (yet ?)");
+ return;
+}
+#endif
diff --git a/smtpd/ssl.c b/smtpd/ssl.c
index 8c4fb247..7dcd2ce6 100644
--- a/smtpd/ssl.c
+++ b/smtpd/ssl.c
@@ -87,7 +87,7 @@ ssl_setup(SSL_CTX **ctxp, struct pki *pki,
 if (sni_cb)
 SSL_CTX_set_tlsext_servername_callback(ctx, sni_cb);
- SSL_CTX_set_dh_auto(ctx, pki->pki_dhe);
+ SSL_CTX_set_dh_auto(ctx, 0);
 SSL_CTX_set_ecdh_auto(ctx, 1);
diff --git a/smtpd/ssl.h b/smtpd/ssl.h
index dfa6994c..90f018d0 100644
--- a/smtpd/ssl.h
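Review bot: In smtpd/libressl.c, the fallback `SSL_CTX_set_dh_auto()` returns void and only logs, so a caller that asks for DHE on a library without this call carries on and cannot tell that nothing was configured; as far as this hunk shows, the context is left without DH parameters. The log text should state that consequence, for example `log_warnx("SSL_CTX_set_dh_auto unavailable: DHE parameters not configured");`, and a comment above the stub should say it is a no-op that leaves ephemeral DH unset. The trailing `return;` before the closing brace is redundant, and `ctx` is unused in the stub, which may produce an unused-parameter warning depending on the build flags.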
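Review bot: In smtpd/ssl.c, `SSL_CTX_set_dh_auto(ctx, 0);` replaces `pki->pki_dhe` with a constant for every build, not only the non-LibreSSL one, so the per-PKI DHE setting appears to be ignored even where the library supports the call. Since the stub added in smtpd/libressl.c already covers the unsupported case, the line could stay `SSL_CTX_set_dh_auto(ctx, pki->pki_dhe);`, or the constant could be confined to an `#ifndef HAVE_SSL_CTX_SET_DH_AUTO` branch. If turning it off everywhere is intended, a comment at this line should say that only ECDHE is enabled here and that the configured value is not applied. ssl_setup's body starts and ends outside the hunk.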
+++ b/smtpd/ssl.h
@@ -65,3 +65,11 @@ int ssl_ctx_fake_private_key(SSL_CTX *, const void *, size_t,
 /* ssl_privsep.c */
 int ssl_by_mem_ctrl(X509_LOOKUP *, int, const char *, long, char **);
+
+#ifndef HAVE_SSL_CTX_SET_ECDH_AUTO
+void SSL_CTX_set_ecdh_auto(SSL_CTX *, int);
+#endif
+#ifndef HAVE_SSL_CTX_SET_DH_AUTO
+void SSL_CTX_set_dh_auto(SSL_CTX *, int);
+#endif
+int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, void *, int); |
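Review bot: `SSL_CTX_use_certificate_chain_mem` is declared unconditionally at the end of this hunk, while the two prototypes above it are guarded by `HAVE_…` macros. If the SSL library's own headers declare that function with a different signature, the build breaks, so a matching configure check and `#ifndef` guard would keep the three declarations consistent. The guards also only work if the configure-generated header is included before ssl.h, which is not visible here; a one-line comment above the block stating that requirement would help, e.g. `/* compat prototypes; requires the configure-generated HAVE_* macros to be defined first */`.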